Leaderboard

I don't have a problem with updating to fix it. I have a problem with having to go in and fix by adding and deleting system files. That should be done with an update. I have never had windows shut my system down. They have always fixed it with an update.

All I can say is they did - a significant amount of investigative analysis and testing was done before the action was taken and then subsequent follow up communication. Clearly it would not be in the best interests to communicate first and apply the action later - for obvious reasons.. It is up to emby what they wish to share, and lets be honest here, while there are no longer any immediate threats, emby have some security 'concerns' they need to address asap. imo openly listing these is not in the best interests of the users and is just providing information for hackers to find the next exploit. To be clear here, I'm not defending emby due to the lack of acknowledgement/action on the original disclosure but I am very much hoping this is a big wake up call for them to put security at the top of their priority list and keep it there ..

There is nothing in the changelog attached to: https://github.com/MediaBrowser/Emby.Releases/releases/tag/4.7.12.0 to signify this is a critical security release. I would suggest that as a matter of standard practice any security fixes be tagged as such so that the community and upstream who follow only Github for releases are aware.

I for one am appreciative of how quickly you acted regarding this hack. I run Emby in docker (on Unraid) and it doesn't appear anything has been compromised and I didn't see any unusual activity in Emby but as your blog suggested I changed everyone's passwords as a precaution. Thank you for being diligent.